METHODOLOGICAL AND PROCEDURAL ASPECTS OF DAMAGE ASSESSMENT FROM CYBERATTACKS
Keywords:
cyberattacks, damage assessment, procedural challenges, non-material harm, digital evidence, expert testimony, causation, data breach litigation, legal methodology, intangible lossesAbstract
Cyberattacks pose unprecedented challenges for legal systems in assessing and compensating damage. Unlike traditional harms, cyber incidents often cause diffuse and intangible losses—ranging from stolen data and business interruption to reputational and emotional harm—that are difficult to quantify. This thesis explores the methodological hurdles in measuring such harm and the procedural barriers to proving it in court. It examines how conventional valuation models struggle with cyber losses (for example, putting a price on confidential data or lost consumer trust) and how courts increasingly rely on expert evidence and novel proxies to estimate damage. The discussion also analyzes procedural issues, including the burden of proof on victims to establish causation and loss, the complexities of handling digital evidence, and the need for expert testimony to bridge technical gaps. Comparative examples from international practice illustrate a spectrum of approaches: some jurisdictions have begun to recognize claims for purely non-material harm or to ease evidentiary burdens on cyber victims, while others remain cautious, demanding concrete proof of loss. The overall analysis underscores that damage assessment in cyberattack cases remains an evolving frontier where legal principles are being tested and refined to accommodate the realities of the digital age.
References
1. Dergacheva, A., & Taylor, J. (2024). Study Finds Average Cost of Data Breaches Continued to Rise in 2023. Morgan Lewis – Tech & Sourcing Blog. (discussing Ponemon Institute data on breach costs)
2. Chambers and Partners (2025). Data Protection & Privacy 2025: Japan – Trends and Developments. (noting Japanese courts’ practice of awarding nominal damages for data breach mental distress)
3. Kelly, R. (2023). Damages arising from a data breach: when is it really non-material? RDJ LLP Insights. (comparing UK and German approaches to non-material damage in data protection claims)
4. Quinn Emanuel Urquhart & Sullivan (2022). Private Data Breach Litigation Comes of Age. Firm Memorandum, 4 Oct 2022. (overview of challenges in data breach class actions, including issues of standing, causation, and damages)
5. Ryskamp, D. A. (2024). Cybersecurity Litigation: Trends, Case Studies, and Legal Implications. Expert Institute Insights. (highlights substantive and procedural challenges in cyber litigation, such as proving harm and negligence)
6. Pagefreezer. (2025). The Fragility of Chain of Custody in the Era of Digital Evidence. JDSupra Blog, 1 July 2025. (explaining the importance of preserving digital evidence integrity and implications of failing chain of custody)
